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DETAILED ACTION 

Response to Amendment 

Claims 1, 18, 19, 21, 23-29, 31-33, and 35-40 are amended. Claims 2, 20, 30 and 34 are 
cancelled. Claims 1,3-19, 21-29, 31-33, and 35-40 are pending. 

Response to Arguments 

Applicant's arguments, see Remarks, filed 6/29/2008, with respect to all of the previous 
objections and rejections have been fully considered and are persuasive. The previous objections 
and rejections have been withdrawn. Further search has yielded the Guigui reference which is 
now applied as prior art. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1(2) of such treaty in the English language. 

Claims 1, 3, 5-6, 11, 15-19, 21, 23-24, 27, 31-33, 36, and 40 rejected under 35 
U.S.C. 102(e) as being anticipated by U.S. Patent Application Publication Number 
2004/0186901 by Guigui. 

As to claim 19, Guigui teaches an authentication system comprising: an authentication 
server coupled to a data communication network (paragraph 41, radius server); an 
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authentication database associated with the authentication server (paragraph 41), said 
authentication database being configured to store authentication information for comparison to 
login information provided by a user for authenticating the user (paragraph 41),, said 
authentication database further being configured to store user-specific information identifying 
the user with respect to one or more services provided by at least one affiliate server coupled to 
the data communication network (paragraphs 59-62, the servers are affiliate servers), said 
affiliate server being configured to provide the one or more services to the user via a client 
coupled to the data communication network (paragraphs 59-62, the servers are affiliate 
servers); said authentication server being configured to receive a request from the user for a 
service to be provided by the affiliate server, said authentication server further being configured 
to authenticate the user responsive to the request when login information retrieved from the user 
via the data communication network matches the authentication information stored in the 
authentication database (paragraphs 59-62); said authentication server being further configured 
to maintain a user profile storing the user-specific information, to receive a request from the 
requested service for user information associated with the user and consent to use the requested 
user information, to determine if the requested user information is stored in the user profile in 
response to the request for consent (paragraphs 59-62); and said authentication server being 
further configured to provide a user interface to collect the requested user information that is not 
stored in the user profile from the user, to receive the user information provided by the user via 
the user interface in response, and to allow access by the requested service to the received user 
information (paragraphs 59-62); wherein the authentication server is configured to update the 
user profile with the received user information (paragraph 21). As to the remainder of the 
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limitations of claim 19, Guigui teaches the claimed second affiliate server, as multiple services 
are disclosed. 

As to claim 21, Guigui teaches the system of claim 19, wherein the authentication server 
is configured to allow, in response to the request for consent, access by the requested service to 
the requested user information if the user information is stored in the user profile (paragraphs 
59-62). 

As to claim 23, Guigui teaches the system of claim 19, wherein the user interface 
provided by the authentication server displays a user-selectable option for viewing intention 
information associated with the requested user information, said intention information describing 
how the requested user information will be used by the requested service (paragraphs 59-62). 

As to claim 24, Guigui teaches the system of claim 23, wherein the authentication server 
is configured to provide an intention user interface for displaying the intention information, said 
intention user interface being provided by the authentication server in response to the user- 
selectable option being selected by the user (paragraphs 59-62). 

As to claim 27, Guigui teaches the system of claim 19, wherein the requested service is 
granted consent to use the user-specific information stored in the user profile (paragraphs 59- 
62). 

As to claim 31, Guigui teaches the system of claim 19, wherein the authentication server 
is configured to provide an administrator user interface to a responsible person of the user in 
response to the received user information, said administrator user interface allowing the 
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responsible person of the user to grant consent for the requested service to use the received user 
information (paragraphs 59-62). 

As to claim 32, Guigui teaches the system of claim 31, wherein the authentication server 
is configured to allow access by the requested service to the received user information if consent 
for the requested service to use the received user information is granted by said responsible 
person (paragraphs 59-62). 

As to claims 1-3, 5-6, 1 1-12, and 15-18, they are directed towards the method 
implemented by the system of claim 19 and its dependents and are therefore rejected for the 
same reasons. 

As to claims 33-34, 36, and 40, they are directed towards media that is part of the system 
of claim 19 and its dependents and are therefore rejected for the same reasons. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 4, 8-10, 12-14, 22, 26, 28-30, 35, and 38-39 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over U.S. Patent Application Publication Number 2004/0186901 by 
Guigui in view of U.S. Patent Application Number 2002/0023059 by Bari et al (Part of 
applicant's IDS). 
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As to claims 4, 22 and 35, Guigui teaches the system of claim 19, however Guigui does 
not explicitly teach a system wherein the user interface provided by the authentication server 
displays the user- specific information previously stored in the user profile. 

Bari teaches a system wherein the user interface provided by the authentication server 
displays the user-specific information previously stored in the user profile (paragraph 44 and 
Figures 9A-D). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Guigui regarding a user authorization system 
with the teachings of Bari regarding displaying user specific information previously stored 
because doing so allows a user to easily change previously entered information. 

As to claims 8-10, 26, and 38, Guigui teaches the system of claim 24, however Guigui 
does not explicitly teach wherein the requested service is a member of a policy group, and 
wherein said intention user interface further displays a list of members of said policy group. 

Bari teaches a system wherein the requested service is a member of a policy group, and 
wherein said intention user interface further displays a list of members of said policy group 
(paragraph 43). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Guigui regarding a user authorization system 
with the teachings of Bari regarding displaying a list of affiliates because a list allows a user to 
more easily select who to provide information to. 
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As to claims 9 and 10, Bari teaches a method wherein said intention user interface further 
displays a second user-selectable option for viewing a privacy policy associated with said policy 
group, said privacy policy relating to how user information that the policy group is granted 
consent to use is to be protected and providing a policy user interface via the browser for 
displaying the privacy policy, said policy user interface being provided in response to the second 
user-selectable option being selected by the user (paragraph 44). 

As to claims 12-14, 28-30, and 39, Guigui teaches claims 1 1, 27, and 33 including 
revoking consent (see paragraphs 46-47); however Guigui does not explicitly teach list services. 
Bari teaches listing services that a user may want access to (paragraph 43). It would have been 
obvious to combine the teachings of Guigui and Bari for the reasons given in the rejections of 
claims 8, 26, and 38 above. 

Claims 7, 25, and 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent Application Publication Number 2004/0186901 by Guigui in view of U.S. Patent 
Application Number 2005/0076233 by Aarts et al (Part of applicant's IDS). 

As to claims 7, 25, and 37, Guigui teaches the system of claim 24, however Guigui does 
not explicitly teach wherein said intention user interface further displays retention information 
associated with the requested user information, said retention information specifying how long 
the requested user information will be retained by the requested service. 

Aarts teaches a system wherein said intention user interface further displays retention 
information associated with the requested user information, said retention information specifying 
how long the requested user information will be retained by the requested service (paragraph 30). 



Application/Control Number: 10/784,530 Page 8 

Art Unit: 2442 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Guigui regarding a user authorization system 
with the teachings of Aarts regarding retention periods for data because a user may only want to 
release information for a certain period of time (Aarts, paragraph 30). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DOUGLAS B. BLAIR whose telephone number is (571)272- 
3893. The examiner can normally be reached on 9:00am-5 :30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Douglas B Blair/ 
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Primary Examiner, Art Unit 2442 



